Reducing the Attack Surface on Windows Server Platforms

Q: Because Microsoft Internet Explorer (IE) is an all-time favorite malware target,we want to get rid of IE to reduce the attack surface on our Windows Server platforms.What options do we have? Are there any new features in Windows Server 2012 to help us out?


A: Some Windows Server OS offer installation options that provide a more secure alternative to the classic full-blown GUI-based administration interface. These installation options are Server Core (available in Windows Server 2008 and later) and Minimal Server Interface (available in Windows Server 2012 and later).

Microsoft introduced Server Core Server 2008 administrators to restrict the command line for server management. In Server 2008 administrators from the central server and full installation options can be selected.

In Server 2012, Microsoft has minimal server interface, which is an intermediate state between the options of full and Server Core installation. Minimal Server Interface contains most of the server with a graphical user interface; with the exception of IE and-two components of the larger shells is the Windows Explorer GUI Windows. Minimal server interface does not contain the Windows desktop application or support Metro. In addition, a number of applications to the control panel (applets implemented as shell extensions) are not available. These include the Programs and Features, Network and Sharing, Devices and Printers, Screen, Windows Firewall, Windows Update, sources and storage areas applets. Important management tools such as Microsoft Management Console (MMC) and Server Manager are still small server interface.

In Server 2012,a server interface minimal installation is easy to change to a GUI in manufacturing or a Server Core installation or vice versa.(Exchange Server Core full GUI user, or vice versa, is not a trivial task in Server 2008).

Leave a Reply

Your email address will not be published. Required fields are marked *